Security
Headlines
HeadlinesLatestCVEs

Headline

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (CVE-2024-38812) vulnerability were released again. Wait, haven’t fixes for this vulnerability been available since September 17th? They were, but it was not enough. “VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not completely address […]

Alexander V. Leonov
#vulnerability#rce#vmware#blog

On Monday, October 21, updates for the critical Remote Code Execution – VMware vCenter (****CVE-2024-38812****) vulnerability were released again****. Wait, haven’t fixes for this vulnerability been available since September 17th? They were, but it was not enough.

“VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not completely address CVE-2024-38812. The patches listed in the Response Matrix below are updated versions that contain additional fixes to fully address CVE-2024-38812.”

If you are using VMware vCenter, please take note and update it again. Current secure versions of VMware vCenter Server are 7.0 U3t, 8.0 U2e and 8.0 U3d.

Updates are also available for the VMware Cloud Foundation.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Related news

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses. Starting this month, we decided to slightly expand the topics of the videos and increase their duration. I cover not only the trending vulnerabilities of September, but also social engineering cases, real-world vulnerability exploitation, and practices […]

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a

Alexander V. Leonov: Latest News

December Microsoft Patch Tuesday